Challenges in Securing Converged Networks

Page 1: Challenges in Securing Converged Networks

Copyright © 2007 Telcordia Technologies

Challenges in Securing Converged Networks

Prepared for:

Telcordia Contact: John F. Kimmins, Executive Director, [email protected], 732-699-6188

2007 CQR Conference

Page 2: Challenges in Securing Converged Networks

Outline

• Threats
• Vulnerabilities
• Architecture
• Boundaries: Insider, External, Application, Logical Domains
• Other Challenges
• Market Perspective

Page 3: Challenges in Securing Converged Networks

Example Service Provider Architecture

[Diagram: a carrier IP network interconnecting two customer networks, the Internet, a peer network and the PSTN. Customer-side elements: IP PBX, IP softphone, IP phone, voice router and voice gateways. Carrier-side elements: Session Border Controller (SBC), Signaling Gateways (SG), Media Gateway Controllers (MGC), Media Gateways (MG), and an OSS back office holding provisioning servers, DHCP servers, DNS servers, TFTP or HTTP servers, SYSLOG servers, NFS servers and Record Keeping Servers (RKS).]

Legend:

• SIP Endpoints: soft phones, VoIP phones, Analog Terminal Adaptors (ATA)
• SoftSwitch: Signaling Gateway, Media Gateway, Media Gateway Controller
• Session Border Controller (SBC)
• Registration & Location Servers
• Supporting Servers: Authentication, Authorization, and Accounting (AAA) servers; Call Data Record (CDR) servers; Domain Name Service (DNS) servers; Network File Server (NFS)

Page 4: Challenges in Securing Converged Networks

Threats

Confidentiality
• Eavesdropping (including traffic analysis)
• Interception of signaling or media stream

Integrity
• Modification of signaling (rerouting/masquerading)
• Modification of media stream (impersonation)
• Fraud (Caller ID cannot be trusted)
• Integrity of stored data and systems

Availability
• Service disruption (amplification attacks, DoS/DDoS)
• Denial of service against signaling or media stream
• Spam over Internet Telephony (SPIT)

Unauthorized access (compromise of systems with the intention of attacking other systems, or exploitation of vulnerabilities to commit fraud and eavesdropping)

Page 5: Challenges in Securing Converged Networks

Types of Vulnerabilities

Applications: buffer overflows, format-string exploits, scripts, password exploits, overload (DoS, DDoS)

Protocols: session tear-down, impersonation, session hijacking, tampering with messages at the SIP/SS7 boundary, malformed messages, overload (DoS, DDoS)

Supporting Services: address resolution and directory services (DNS, LDAP, ENUM), email (SMTP), supporting databases (SQL), SNMP, STUN used for NAT traversal

OS and Networking: buffer overflows, format-string exploits, scripts, password exploits, overload (DoS, DDoS), ARP cache poisoning
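The protocol items above (malformed messages, impersonation, session tear-down) are what a SIP-aware filter at the SBC or proxy has to catch in practice. The following Python is an added example written for this page, not code from the presentation or from Telcordia: it parses constructed SIP messages, rejects the malformed ones, and judges a BYE against the dialog (Call-ID plus From/To tags) learned from the INVITE and its 200 OK, additionally requiring the BYE to arrive from the transport address of the party whose tag it carries. The header-length limit, the sample messages, the addresses and the verdict strings are this example's own assumptions.

```python
import re

# Headers RFC 3261 requires in every SIP message (limited to those this example uses)
REQUIRED = ("via", "from", "to", "call-id", "cseq")
MAX_LINE = 1024   # local sanity limit chosen for this example, not a standard value
REQ_LINE = re.compile(r"^([A-Z]+) (\S+) SIP/2\.0$")
STATUS_LINE = re.compile(r"^SIP/2\.0 (\d{3}) (.*)$")


def parse_message(raw):
    """Return ((method, uri) or (code, reason), headers) for one SIP message.
    Raises ValueError for the malformed shapes the slide lists: bad start
    line, bad header syntax, oversized lines, missing mandatory headers."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    start = REQ_LINE.match(lines[0]) or STATUS_LINE.match(lines[0])
    if not start:
        raise ValueError("bad start line: %r" % lines[0][:40])
    headers = {}
    for line in lines[1:]:
        if len(line) > MAX_LINE:
            raise ValueError("oversized header line")
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError("bad header line: %r" % line[:40])
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    missing = [h for h in REQUIRED if h not in headers]
    if missing:
        raise ValueError("missing headers: " + ", ".join(missing))
    return start.groups(), headers


def tag_of(header_value):
    """Extract the ;tag= parameter from a From or To header value."""
    m = re.search(r";tag=([^;\s]+)", header_value)
    return m.group(1) if m else None


class DialogMonitor:
    """Learns dialogs from INVITE + 2xx and decides whether a BYE is a
    legitimate tear-down. Dialog identity is (Call-ID, caller tag, callee
    tag); the BYE must also come from the transport address of the party
    whose tag it carries in From."""

    def __init__(self):
        self.dialogs = {}   # Call-ID -> {"caller": (tag, addr), "callee": (tag, addr) or None}

    def observe(self, raw, src_addr):
        start, h = parse_message(raw)
        call_id = h["call-id"][0]
        from_tag, to_tag = tag_of(h["from"][0]), tag_of(h["to"][0])
        if start[0] == "INVITE":
            self.dialogs[call_id] = {"caller": (from_tag, src_addr), "callee": None}
            return "invite"
        if start[0].isdigit():                       # a response
            d = self.dialogs.get(call_id)
            if d and start[0].startswith("2") and h["cseq"][0].endswith("INVITE"):
                d["callee"] = (to_tag, src_addr)     # the callee chose the To tag
                return "established"
            return "response"
        if start[0] == "BYE":
            d = self.dialogs.get(call_id)
            if not d or d["callee"] is None:
                return "bye-rejected: no established dialog"
            for party, peer in (("caller", "callee"), ("callee", "caller")):
                tag, addr = d[party]
                if from_tag == tag and to_tag == d[peer][0]:
                    if src_addr != addr:
                        return "bye-rejected: %s is not the %s's address" % (src_addr, party)
                    del self.dialogs[call_id]
                    return "bye-ok"
            return "bye-rejected: tags do not match the dialog"
        return "other"


def msg(start, *headers):
    """Assemble a CRLF-framed SIP message (all traffic below is constructed sample data)."""
    return "\r\n".join((start,) + headers) + "\r\n\r\n"


INVITE = msg("INVITE sip:bob@example.net SIP/2.0",
             "Via: SIP/2.0/UDP 10.0.0.5:5060;branch=z9hG4bK1",
             "From: <sip:alice@example.net>;tag=a1", "To: <sip:bob@example.net>",
             "Call-ID: c1@10.0.0.5", "CSeq: 1 INVITE")
OK_200 = msg("SIP/2.0 200 OK",
             "Via: SIP/2.0/UDP 10.0.0.5:5060;branch=z9hG4bK1",
             "From: <sip:alice@example.net>;tag=a1", "To: <sip:bob@example.net>;tag=b7",
             "Call-ID: c1@10.0.0.5", "CSeq: 1 INVITE")
# A BYE that ends the dialog as the callee; legitimate only from the callee's address
BYE = msg("BYE sip:alice@example.net SIP/2.0",
          "Via: SIP/2.0/UDP 10.0.0.7:5060;branch=z9hG4bK2",
          "From: <sip:bob@example.net>;tag=b7", "To: <sip:alice@example.net>;tag=a1",
          "Call-ID: c1@10.0.0.5", "CSeq: 2 BYE")
MALFORMED = msg("BYE sip:alice@example.net SIP/2.0",
                "From: <sip:bob@example.net>;tag=b7", "Call-ID: c1@10.0.0.5")


def run_demo():
    """Drive the monitor through one call and return the verdicts in order."""
    mon = DialogMonitor()
    out = [mon.observe(INVITE, "10.0.0.5"),     # caller sets up the dialog
           mon.observe(OK_200, "10.0.0.7"),     # callee answers, dialog established
           mon.observe(BYE, "192.0.2.9"),       # same BYE injected from a third host
           mon.observe(BYE, "10.0.0.7")]        # the real callee hangs up
    try:
        parse_message(MALFORMED)
        out.append("malformed accepted")
    except ValueError as exc:
        out.append("malformed rejected: %s" % exc)
    return out


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The address check defeats a blind tear-down by an attacker who knows only the Call-ID or guesses tags, but not an on-path attacker who has captured both tags and can spoof the source address; that is why the slide pairs eavesdropping with integrity threats, and why signaling needs transport protection rather than parsing alone.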

Page 6: Challenges in Securing Converged Networks

End-to-End View (Source: ITU Y.2701, Security Requirements for NGN)

[Diagram: two service provider domains, A and B, each divided into a service stratum (application servers, softswitch/CSCF) and a transport stratum. On each side an access network (xDSL, cable, FTTP, WiFi, WiMAX) serves enterprise and home networks, devices and CPEs, and users. A transit network and a 3rd party provider sit between the two domains. Reference points shown: UNI between users and each provider, NNI between the providers and the transit network, and ANI toward the 3rd party provider.]

Page 7: Challenges in Securing Converged Networks

Insider Perspective

[Diagram: an attack station inside the carrier network launching attacks against the PSX, SGX, GSX, SBC/GW and an NFS server, with the PSTN, the VoIP network and the Internet shown as adjacent domains.]

Page 8: Challenges in Securing Converged Networks

Operations Network Interfaces

[Diagram: attack stations placed on the operations network and on individual VLANs (VLAN XX) against the PSX and SGX. The VLAN-resident stations perform local and inter-VLAN vulnerability scanning; the operations-network station performs operations-network-to-VLAN vulnerability scanning.]

Page 9: Challenges in Securing Converged Networks

External Perspective

[Diagram: an attack station on an external attacker LAN attempting attacks across the Internet against the SBC/GW router, DNS, PSX, SGX and other external components supporting the VoIP infrastructure.]

Page 10: Challenges in Securing Converged Networks

Attempts to Bypass Filtering

Page 11: Challenges in Securing Converged Networks

Third Party Application Interface Security: OSA/Parlay Interface

[Diagram: enterprise/third party provider OSA/Parlay applications reach the IMS core through an OSA/Parlay gateway (service capability server) that exposes the OSA/Parlay APIs and the OSA/Parlay framework with its service control features; the gateway is the IMS third party access point into the IMS core components.]

Page 12: Challenges in Securing Converged Networks

Logical Segmentation Challenges

Logical segmentation of the management, signaling and user layers between locations:

• Secure logical separation of domestic and international VoIP/NGN components
• An intruder at a foreign location could attack key domestic network elements because there may be insufficient barriers between the domestic and international domains.

Page 13: Challenges in Securing Converged Networks

Internal Security Boundaries Needed?

Page 14: Challenges in Securing Converged Networks

[Diagram: the IMS/NGN reference architecture (P-CSCF, I-CSCF, S-CSCF, HSS subscriber data, SIP AS, OSA GW, IM-SSF, BGCF, MGCF, SGW, MGW, RACS, NASS, PDF), with the access network / Internet, OSS and PSTN interconnection as adjacent domains, annotated with the vulnerability groups below.]

Control Servers
• SIP Protocol Weaknesses
• User Deregistration/DoS
• SNMP/Management Vulnerabilities
• Priority Handling (ETS)
• E9-1-1 Service Weaknesses
• Unpatched App/OS Exploits
• Insecure Configuration
• Reliability & Availability
• New Entrant Vendors

User Device (Access Network / Internet)
• Spyware/Adware
• Worms/Viruses
• Keyloggers
• Trojan Horse
• OS Vulnerabilities
• Network Impersonation
• Insecure Customer Network Extensions
• Malicious Applets
• ActiveX Vulnerabilities
• XSS/XST
• Shell Shoveling
• Phishing/Pharming
• Device Theft
• Stolen Password
• Data Theft

Access
• Eavesdropping
• Integrity Violations
• Manipulation Attacks
• Traffic Analysis
• Man-in-the-Middle Attacks
• Session Hijacking
• Reset Connection

Network Attachment
• Weak Authentication
• DNS Cache Poisoning
• Policy Mis-configuration
• SNMP/Management Vulnerabilities
• Denial of Service
• Open Ports / Port Scanning
• IP Attacks
• IP Spoofing

Application Servers
• SIP Protocol Weaknesses
• Malicious Code in SIP/HTTP
• IN/Legacy System Weaknesses
• Unpatched App/OS Exploits
• Insecure Configuration
• Service Authentication & Authorization Flaws
• Denial of Service
• Inadequate Security Logs
• Open Systems Vulnerabilities

Back-End Systems
• Location Misdirection
• SQL Injection
• Command Injection
• Insecure Information Storage
• Trust Relationship Attacks
• Weak App-to-App Authentication

Web Servers
• Inadequate Input Validation
• Buffer Overflow
• Root Access Exploit
• Command/Code Injection
• Authentication Flaws
• User Impersonation
• Authorization Flaws / Privilege Escalation
• Insecure Sessions
• Error Mishandling
• Directory Traversal
• Denial of Service

Proxy Servers
• User Impersonation
• Bid-Down Attacks
• Replay Attacks
• SIP Parameter Manipulation
• Policy Mis-configuration
• SNMP/Management Vulnerabilities
• Denial of Service
• Priority Handling

Third Party Application Access
• OSA / Parlay / Parlay X Vulnerabilities
• CORBA Vulnerabilities
• Malicious Applications
• Authentication & Authorization Flaws
• Interface Confidentiality & Integrity Violations
• Insecure Partner Networks
• Unpatched App/OS Exploits
• Insecure Configuration
• Open Systems Vulnerabilities
• Denial of Service

IP Peering & Interconnection
• VoIP Fraud
• Traffic Smuggling
• SS7 Message Spoofing
• SBC Vulnerabilities
• Denial of Service
• Policy Mis-configuration
• Routing Table Attacks
• Network Topology Exploits
• IP Attacks
• IP Spoofing


An End-to-End View of Potential Security Vulnerabilities
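Several of the proxy and network-attachment items in this view (weak authentication, user impersonation, replay attacks) come down to how SIP Digest authentication is implemented on the server. The following Python is an added example for this page, not code from the presentation or from Telcordia: it implements both sides of the RFC 3261 Digest exchange with qop=auth and has the server remember each nonce's issue time and the highest nonce-count it has accepted, so a captured Authorization header cannot simply be replayed and a nonce cannot be used indefinitely. The realm, user, password, nonce lifetime, cnonce values and the injectable clock are this example's own assumptions; bid-down attacks on the negotiation itself are not covered here.

```python
import hashlib
import hmac
import os
import time


def md5(text):
    return hashlib.md5(text.encode()).hexdigest()


class DigestAuthenticator:
    """Server side of SIP Digest authentication (RFC 3261 section 22, qop=auth).
    Each nonce is remembered with its issue time and the highest nonce-count
    (nc) accepted so far, so a captured Authorization header is refused when
    it is replayed and an old nonce eventually stops working."""

    def __init__(self, realm, users, nonce_ttl=30, now=time.time):
        self.realm = realm
        self.users = users            # username -> password (constructed test data)
        self.nonce_ttl = nonce_ttl    # seconds a nonce stays valid (assumption)
        self.now = now                # injectable clock so the demo can age nonces
        self.nonces = {}              # nonce -> [issued_at, highest nc seen]

    def challenge(self):
        """Parameters for a 401 WWW-Authenticate / 407 Proxy-Authenticate header."""
        nonce = os.urandom(16).hex()
        self.nonces[nonce] = [self.now(), 0]
        return {"realm": self.realm, "nonce": nonce, "qop": "auth", "algorithm": "MD5"}

    def verify(self, method, auth):
        """Check an Authorization header (as a dict) for a request using this method."""
        entry = self.nonces.get(auth["nonce"])
        if entry is None:
            return "unknown-nonce"          # never issued, or already expired
        if self.now() - entry[0] > self.nonce_ttl:
            del self.nonces[auth["nonce"]]
            return "stale-nonce"             # answer with stale=true and a fresh nonce
        nc = int(auth["nc"], 16)
        if nc <= entry[1]:
            return "replay"                  # nonce-count did not advance
        password = self.users.get(auth["username"])
        if password is None:
            return "unknown-user"
        ha1 = md5("%s:%s:%s" % (auth["username"], self.realm, password))
        ha2 = md5("%s:%s" % (method, auth["uri"]))
        expected = md5(":".join([ha1, auth["nonce"], auth["nc"], auth["cnonce"], "auth", ha2]))
        if not hmac.compare_digest(expected, auth["response"]):
            return "bad-credentials"
        entry[1] = nc
        return "ok"


def client_response(username, password, method, uri, challenge, nc, cnonce):
    """Client side: compute the Authorization parameters for one request."""
    nc_hex = "%08x" % nc
    ha1 = md5("%s:%s:%s" % (username, challenge["realm"], password))
    ha2 = md5("%s:%s" % (method, uri))
    response = md5(":".join([ha1, challenge["nonce"], nc_hex, cnonce, "auth", ha2]))
    return {"username": username, "nonce": challenge["nonce"], "uri": uri,
            "nc": nc_hex, "cnonce": cnonce, "response": response}


def run_demo():
    """Walk through a REGISTER exchange and return the server verdicts in order."""
    clock = [1000.0]
    server = DigestAuthenticator("example.net", {"alice": "s3cret"},
                                 nonce_ttl=30, now=lambda: clock[0])
    chal = server.challenge()
    uri = "sip:example.net"
    first = client_response("alice", "s3cret", "REGISTER", uri, chal, 1, "0a1b2c")
    verdicts = [server.verify("REGISTER", first)]          # genuine request
    verdicts.append(server.verify("REGISTER", first))      # same header replayed verbatim
    # attacker bumps nc on the captured header but cannot recompute the response
    verdicts.append(server.verify("REGISTER", dict(first, nc="%08x" % 2)))
    # the real client keeps using the nonce with an advancing nc
    second = client_response("alice", "s3cret", "REGISTER", uri, chal, 2, "0a1b2d")
    verdicts.append(server.verify("REGISTER", second))
    clock[0] += 60                                         # nonce outlives its TTL
    third = client_response("alice", "s3cret", "REGISTER", uri, chal, 3, "0a1b2e")
    verdicts.append(server.verify("REGISTER", third))
    return verdicts


if __name__ == "__main__":
    print(run_demo())
```

The nonce-count check is what turns Digest from a password hash into a per-request proof: without it, a proxy that accepts any syntactically valid response for a live nonce will accept a sniffed REGISTER or INVITE as many times as the attacker resends it. Note that Digest still leaves the SIP headers and body unprotected, so it addresses impersonation at the proxy, not the manipulation and eavesdropping items listed under Access.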

Page 15: Challenges in Securing Converged Networks

Other Challenges in Security

End-to-End Security Management
• Scaling across network domains, national and international domains (e.g., countries/continents)
• Hop-by-hop or end-to-end

Identity Management
• Identity across network domains, national and international domains (e.g., countries/continents)
• Associated with a location
• Private/public identities, role and context based identifiers

Page 16: Challenges in Securing Converged Networks

Evolving Trust Model (Source: ITU Y.2701)

Page 17: Challenges in Securing Converged Networks

NNI Trust Model (Source: ITU Y.2701)

Page 18: Challenges in Securing Converged Networks

Market Perspective

How is security in VoIP/NGN products today?

• Poor to average
• Security controls are not mature
• Not well implemented in deployments
• Implementations inherit traditional vulnerabilities (e.g., buffer overflows)
• Security performance and reliability are critical elements and need to be improved
• Security features to enforce a stronger security posture (protocol, user and boundaries) are not uniformly implemented
• Baseline security requirements for product vendors are often vague
• Signaling and media security are not fully recognized by the market
• Integration of security functionality is still evolving
• Organizational issues are not fully identified and addressed